27 matches found
EUVD-2021-33118
Malicious code in bioql PyPI...
EUVD-2023-36411
Malicious code in bioql PyPI...
CVE-2023-32143
D-Link DAP-1360 webupg UPGCGICheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...
CVE-2023-32143
CVE-2023-32143 describes a remote code execution in D-Link DAP-1360 (and DAP-2020) routers. The flaw is in handling requests to the /cgi-bin/webupg endpoint, where improper validation can cause an integer overflow during buffer allocation, allowing network-adjacent attackers to execute code with ...
CVE-2023-32143 D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability
D-Link DAP-1360 webupg UPGCGICheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...
D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webupg endpoint. The issue...
The vulnerability of the UPGCGI_CheckAuth() function in D-Link’s wireless access points DAP-2020 and DAP-1360 allows a hacker to execute arbitrary code.
The vulnerability of the UPGCGICheckAuth function in D-Link’s wireless access points DAP-2020 and DAP-1360 is related to numerical truncation errors during the processing of the binary file webupg. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2022-6602 · D Link · D-Link Dap-2020 +1
Name of the Vulnerable Software and Affected Versions: D-Link DAP-1360 affected versions not specified D-Link DAP-2020 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link routers. Authentication is...
The vulnerability of the cgi-bin/webupg component in D-Link DIR-825AC G1 router microprogramming software allows attackers to circumvent security restrictions.
The vulnerability of the cgi-bin/webupg component of D-Link DIR-825AC G1 microprogramming router software is related to authentication deficiencies when processing the autoupgrade.asp parameter. Exploiting this vulnerability allows a hacker to bypass security restrictions using a specially create...
The vulnerability of the cgi-bin/webupg component in D-Link DIR-825AC G1 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the cgi-bin/webupg component in D-Link DIR-825AC G1 router microprogramming software is related to incorrect processing of the cmd parameter. Exploiting this vulnerability allows an attacker to execute arbitrary commands using a specially created POST request...
D-Link DIR-825 G1 Command Injection Vulnerability
The DIR-825 G1 is a router from D-Link in Taiwan, China. A command injection vulnerability exists in the D-Link DIR-825 G1 firmware version, which stems from a lack of parameter validation in the "webupg" binary file. The vulnerability can be exploited to execute arbitrary system commands with th...
CVE-2021-46441
In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization...
CVE-2021-46441
In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization...
CVE-2021-46442
In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization...
CVE-2021-46442
In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization...
Authorization
In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization...
Authorization
In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization...
CVE-2021-46441
CVE-2021-46441 affects D-Link DIR-825 G1 firmware with the webupg binary. The vulnerability arises from a lack of parameter verification, allowing an attacker who has obtained authorization to supply cmd parameters that execute arbitrary system commands. Connected advisories corroborate a command...
CVE-2021-46441
In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization...
CVE-2021-46442
Summary of CVE-2021-46442 : Affected product is the D-Link DIR-825 G1 router, specifically the webupg binary. The vulnerability allows an attacker to bypass authentication via the parameter involved in the autoupgrade.asp flow, enabling unauthorized actions such as downloading configuration files...